Posts: 1 to 25 of 74

Topic: DNSCrypt setup — securing DNS communications

OpenDNS, the free DNS provider, offers new way to protect clients against attacks related to modification and manipulation of DNS traffic — DNSCrypt. The main objectives of DNSCrypt is full encryption of the communication channel between the client (you) and server (OpenDNS) — roughly as SSL is used to encrypt HTTP traffic. read more »

Re: DNSCrypt setup — securing DNS communications

I suspect it's my fault initially. I turned off -fstack-protector but forgot about -D_FORTIFY_SOURCE=2, also removed some weird linker flags.

dnscrypt-proxy 0.9.5 tested for two days under quite heavy load (~8000 DNS names resolved) and there is no sign of memleak (under Valgrind too). Memory heap raised from 60 to 600Kb and stops growing at this point.

define Package/dnscrypt-proxy/descriptiondnscrypt-proxy is a slight variation on DNSCurve.DNSCurve improves the confidentiality and integrity of DNS requests using high-speed high-security elliptic-curve cryptography. Best of all, DNSCurve has very low overhead and adds virtually no latency to queries.endef

Re: DNSCrypt setup — securing DNS communications

axishero, 0.9.3 version with standard init.d/dnscrypt-proxy script? I think 2053 port is already in use (# netstat -a -n for check), or permissions denied.In /etc/init.d/dncrypt-proxy try to change LISTEN_PORT to any another more than 1024 (and in /etc/config/dhcp too) or change dnscrypt-proxy arguments (remove -u nobody):

Re: DNSCrypt setup — securing DNS communications

Black Roland wrote:

axishero, 0.9.3 version with standard init.d/dnscrypt-proxy script? I think 2053 port is already in use (# netstat -a -n for check), or permissions denied.

I am using the init script from your #1 post.Dnscrypt can't be up at boot.But it can be up by ssh into and '/etc/init.d/dnscrypt-proxy start' after boot.For this case,it's running on tplink wr1041n which has only one switch named eth0 divided into eth0.1 and eth0.2 as wan and lan.